Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"Six fixes for bugs that were found via fuzzing, and a trivial
hw-enablement patch for AMD Family-17h CPU PMUs"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel/uncore: Allow only a single PMU/box within an events group
perf/x86/intel: Cure bogus unwind from PEBS entries
perf/x86: Restore TASK_SIZE check on frame pointer
perf/core: Fix address filter parser
perf/x86: Add perf support for AMD family-17h processors
perf/x86/uncore: Fix crash by removing bogus event_list[] handling for SNB client uncore IMC
perf/core: Do not set cpuctx->cgrp for unscheduled cgroups
+50
-38
+7
-1
arch/x86/events/amd/core.c
+7
-1
arch/x86/events/amd/core.c
···
662
662
pr_cont("Fam15h ");
663
663
x86_pmu.get_event_constraints = amd_get_event_constraints_f15h;
664
664
break;
665
-
665
+
case 0x17:
666
+
pr_cont("Fam17h ");
667
+
/*
668
+
* In family 17h, there are no event constraints in the PMC hardware.
669
+
* We fallback to using default amd_get_event_constraints.
670
+
*/
671
+
break;
666
672
default:
667
673
pr_err("core perfctr but no constraints; unknown hardware!\n");
668
674
return -ENODEV;
+2
-8
arch/x86/events/core.c
+2
-8
arch/x86/events/core.c
···
2352
2352
frame.next_frame = 0;
2353
2353
frame.return_address = 0;
2354
2354
2355
-
if (!access_ok(VERIFY_READ, fp, 8))
2355
+
if (!valid_user_frame(fp, sizeof(frame)))
2356
2356
break;
2357
2357
2358
2358
bytes = __copy_from_user_nmi(&frame.next_frame, fp, 4);
···
2360
2360
break;
2361
2361
bytes = __copy_from_user_nmi(&frame.return_address, fp+4, 4);
2362
2362
if (bytes != 0)
2363
-
break;
2364
-
2365
-
if (!valid_user_frame(fp, sizeof(frame)))
2366
2363
break;
2367
2364
2368
2365
perf_callchain_store(entry, cs_base + frame.return_address);
···
2410
2413
frame.next_frame = NULL;
2411
2414
frame.return_address = 0;
2412
2415
2413
-
if (!access_ok(VERIFY_READ, fp, sizeof(*fp) * 2))
2416
+
if (!valid_user_frame(fp, sizeof(frame)))
2414
2417
break;
2415
2418
2416
2419
bytes = __copy_from_user_nmi(&frame.next_frame, fp, sizeof(*fp));
···
2418
2421
break;
2419
2422
bytes = __copy_from_user_nmi(&frame.return_address, fp + 1, sizeof(*fp));
2420
2423
if (bytes != 0)
2421
-
break;
2422
-
2423
-
if (!valid_user_frame(fp, sizeof(frame)))
2424
2424
break;
2425
2425
2426
2426
perf_callchain_store(entry, frame.return_address);
+23
-12
arch/x86/events/intel/ds.c
+23
-12
arch/x86/events/intel/ds.c
···
1108
1108
}
1109
1109
1110
1110
/*
1111
-
* We use the interrupt regs as a base because the PEBS record
1112
-
* does not contain a full regs set, specifically it seems to
1113
-
* lack segment descriptors, which get used by things like
1114
-
* user_mode().
1111
+
* We use the interrupt regs as a base because the PEBS record does not
1112
+
* contain a full regs set, specifically it seems to lack segment
1113
+
* descriptors, which get used by things like user_mode().
1115
1114
*
1116
-
* In the simple case fix up only the IP and BP,SP regs, for
1117
-
* PERF_SAMPLE_IP and PERF_SAMPLE_CALLCHAIN to function properly.
1118
-
* A possible PERF_SAMPLE_REGS will have to transfer all regs.
1115
+
* In the simple case fix up only the IP for PERF_SAMPLE_IP.
1116
+
*
1117
+
* We must however always use BP,SP from iregs for the unwinder to stay
1118
+
* sane; the record BP,SP can point into thin air when the record is
1119
+
* from a previous PMI context or an (I)RET happend between the record
1120
+
* and PMI.
1119
1121
*/
1120
1122
*regs = *iregs;
1121
1123
regs->flags = pebs->flags;
1122
1124
set_linear_ip(regs, pebs->ip);
1123
-
regs->bp = pebs->bp;
1124
-
regs->sp = pebs->sp;
1125
1125
1126
1126
if (sample_type & PERF_SAMPLE_REGS_INTR) {
1127
1127
regs->ax = pebs->ax;
···
1130
1130
regs->dx = pebs->dx;
1131
1131
regs->si = pebs->si;
1132
1132
regs->di = pebs->di;
1133
-
regs->bp = pebs->bp;
1134
-
regs->sp = pebs->sp;
1135
1133
1136
-
regs->flags = pebs->flags;
1134
+
/*
1135
+
* Per the above; only set BP,SP if we don't need callchains.
1136
+
*
1137
+
* XXX: does this make sense?
1138
+
*/
1139
+
if (!(sample_type & PERF_SAMPLE_CALLCHAIN)) {
1140
+
regs->bp = pebs->bp;
1141
+
regs->sp = pebs->sp;
1142
+
}
1143
+
1144
+
/*
1145
+
* Preserve PERF_EFLAGS_VM from set_linear_ip().
1146
+
*/
1147
+
regs->flags = pebs->flags | (regs->flags & PERF_EFLAGS_VM);
1137
1148
#ifndef CONFIG_X86_32
1138
1149
regs->r8 = pebs->r8;
1139
1150
regs->r9 = pebs->r9;
+4
-4
arch/x86/events/intel/uncore.c
+4
-4
arch/x86/events/intel/uncore.c
···
319
319
*/
320
320
static int uncore_pmu_event_init(struct perf_event *event);
321
321
322
-
static bool is_uncore_event(struct perf_event *event)
322
+
static bool is_box_event(struct intel_uncore_box *box, struct perf_event *event)
323
323
{
324
-
return event->pmu->event_init == uncore_pmu_event_init;
324
+
return &box->pmu->pmu == event->pmu;
325
325
}
326
326
327
327
static int
···
340
340
341
341
n = box->n_events;
342
342
343
-
if (is_uncore_event(leader)) {
343
+
if (is_box_event(box, leader)) {
344
344
box->event_list[n] = leader;
345
345
n++;
346
346
}
···
349
349
return n;
350
350
351
351
list_for_each_entry(event, &leader->sibling_list, group_entry) {
352
-
if (!is_uncore_event(event) ||
352
+
if (!is_box_event(box, event) ||
353
353
event->state <= PERF_EVENT_STATE_OFF)
354
354
continue;
355
355
-12
arch/x86/events/intel/uncore_snb.c
-12
arch/x86/events/intel/uncore_snb.c
···
490
490
491
491
snb_uncore_imc_event_start(event, 0);
492
492
493
-
box->n_events++;
494
-
495
493
return 0;
496
494
}
497
495
498
496
static void snb_uncore_imc_event_del(struct perf_event *event, int flags)
499
497
{
500
-
struct intel_uncore_box *box = uncore_event_to_box(event);
501
-
int i;
502
-
503
498
snb_uncore_imc_event_stop(event, PERF_EF_UPDATE);
504
-
505
-
for (i = 0; i < box->n_events; i++) {
506
-
if (event == box->event_list[i]) {
507
-
--box->n_events;
508
-
break;
509
-
}
510
-
}
511
499
}
512
500
513
501
int snb_pci2phy_map_init(int devid)
+1
-1
arch/x86/events/perf_event.h
+1
-1
arch/x86/events/perf_event.h
···
113
113
* Per register state.
114
114
*/
115
115
struct er_account {
116
-
raw_spinlock_t lock; /* per-core: protect structure */
116
+
raw_spinlock_t lock; /* per-core: protect structure */
117
117
u64 config; /* extra MSR config */
118
118
u64 reg; /* extra MSR number */
119
119
atomic_t ref; /* reference count */
+13
kernel/events/core.c
+13
kernel/events/core.c
···
902
902
* this will always be called from the right CPU.
903
903
*/
904
904
cpuctx = __get_cpu_context(ctx);
905
+
906
+
/* Only set/clear cpuctx->cgrp if current task uses event->cgrp. */
907
+
if (perf_cgroup_from_task(current, ctx) != event->cgrp) {
908
+
/*
909
+
* We are removing the last cpu event in this context.
910
+
* If that event is not active in this cpu, cpuctx->cgrp
911
+
* should've been cleared by perf_cgroup_switch.
912
+
*/
913
+
WARN_ON_ONCE(!add && cpuctx->cgrp);
914
+
return;
915
+
}
905
916
cpuctx->cgrp = add ? event->cgrp : NULL;
906
917
}
907
918
···
8029
8018
* if <size> is not specified, the range is treated as a single address.
8030
8019
*/
8031
8020
enum {
8021
+
IF_ACT_NONE = -1,
8032
8022
IF_ACT_FILTER,
8033
8023
IF_ACT_START,
8034
8024
IF_ACT_STOP,
···
8053
8041
{ IF_SRC_KERNEL, "%u/%u" },
8054
8042
{ IF_SRC_FILEADDR, "%u@%s" },
8055
8043
{ IF_SRC_KERNELADDR, "%u" },
8044
+
{ IF_ACT_NONE, NULL },
8056
8045
};
8057
8046
8058
8047
/*